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Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10)n The drawing(s) filed on is/are: a)n accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )□ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f), 
a)n All b)n Some * c)D None of: 

1 .□ Certified copies of the. priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) Notice of References Cited (PT0.892) 4) □ Interview Summary (PTO-413) 

2) □ Notice of Draflsperson's Patent Drawing Review (PTO-948) Papef No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 



U.S. Palent and Trademark Office 

PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 20071230 



Application/Control Number: Page 2 

10/681,613 

Art Unit: 2135 

DETAILED ACTION 

1. Applicant's submission for RCE filed on Oct. 22, 2007 has been entered. Claims 
1-5, 8-10 are pending. Claims 1, 9, 10 are amended by applicant. 

Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

2. Claim 1-5, 9 are rejected under 35 U.S.C, 101 because the claimed invention is 
directed to non-statutory subject matter. 

Claim 1 recites "A computerized method for protecting an identifier of a 

subscriber , said computerized method comprising the step of....". Claim is directed 

to a computerized method which could be a program/software/set of instructions. The 
above claims would have established a statuary category of the invention if the program 
recited in the above claims were stored on an appropriate medium and perform the 
function recited on the body of the claims when the program is read and executed by 
the computer/processor. However the above claim is simply computerized method 
which could be programs and thus do not clearly establish a statuary category of the 
invention. Therefore the claim is a program per se and does not fall within the statutory 
classes listed in 35 USC 101. Therefore, claim 1 is not statutory since no requisite 
functionality is present to satisfy the practical application requirement. 
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Claims 2-5 depend on claim 1, therefore they are rejected with the same rationale 
applied against claim 1 above. 

Claim 9 recites "An apparatus for protecting an identifier of a 

subscriber, comprising: a system for dynamically generating ; a system for 

extracting....; a system for decrypting ;a system for checking ...; a system for 

transmitting,...; a system for transmitting....". In accordance with fig. 2a, 2b, 3, 4 and 
related description from the applicant's specification, "system" or "system for" are not 
limited to hardware or a combination of hardware and software, instead being 
sufficiently broad so as to encompass software alone, (algorithm). As such, the claimed 
system must include the hardware necessary to realize any of the functionality of the 
claimed system and produce a useful, concrete and tangible result. Absent recitation of 
such hardware as part of the claimed system, it is considered non-statutory. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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3. Claims 1-5 and 8-10 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Talati et al. (U.S. Patent No. 5,903,878) in view Knouse et al (US Patent No. 
7.185,364) and in view of Weisman et al (US Patent No. 7,171,475). 

As per Claim 1 . A method for protecting an identifier of a subscriber, during data 
transfer between a service provider and a content provider, when said subscriber sends 
a request to said service provider to obtain data belonging to said content provider, said 
method comprising the steps of: - upon reception of said subscriber request by said 
service provider: [Abstract, lines 3-5] - computing an encrypted token using said 
identifier of said subscriber [Column 3, lines 12-19 and lines 29-33; The TA' is the 
Service Provider.]; and, - transmitting said subscriber request and said encrypted 
token to said content provider [Column 3, lines 20-21]; - upon reception by said service 
provider of a certification request comprising an encrypted token, sent by said content 
provider [Column 3, lines 21-22]: - extracting said encrypted token from said 
certification request [Column 3, lines 34-36]; - decrypting said extracted encrypted 
token to determine said subscriber identifier [Column 3, lines 34-36]; - checking said 
determined subscriber identifier [Column 2, lines 66-67]; and, - transmitting a success or 
failure indication to said content provider in response to said certification request 
[Column 3, lines 36-45;]; - upon reception of said data belonging to said content 
provider by said service provider, transmitting said data belonging to said content 
provider to said subscriber. [Column 3, lines 54-56] 
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Further explanation of claim 1: Talati et al. teach the initial request from the 
subscriber to the content provider as the general premise of their invention: "A 
transaction order generated by a purchaser has a unique transaction identifier 
associated therewith and [in one embodiment] the purchase order is transmitted to the 
merchant and then to a transaction administrator. (Abstract)." Computation of a token 
bearing user identification is described by Talati et al. as, "The electronic transaction 
includes details of the transaction such as descriptions of the item(s) that the client 
desires to purchase... and a unique transaction identifier that... is uniquely associated 
with the particular purchase transaction. (Column 3, lines 12-19)." "This 
communication between the [Service Provider] and the client may be encrypted using a 
suitable encryption method of a set of virtual keys known only to the [Service Provider] 
and each individual purchaser. (Column 3, lines 29-33)." Talati et al. show transmitting 
the request and token to the content provider by: "[The electronic transaction with 
descriptions of the items and a unique identifier] information is transmitted to the 
merchant over the network, (Column 3, lines 20-21)." Receiving a 'certification request' 
from the content provider is taught as, "In response to the purchase order, the merchant 
generates a payment authorization request for transmission to the [service provider]. 
(Column 3, lines 21-22)." Extracting and decrypting the token from the certification 
request to determine the subscriber identifier is taught as. "Upon receipt of the 
validation request, the client decodes, if necessary, the encrypted validation request 
and extracts the unique transaction identifier therefrom. (Column 3, lines 34-36)." 
Checking the determined subscriber identifier is taught as, "The transaction 
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administrator [Service Provider] is an entity which authenticates entities and validates 
the content of the transaction [as previously defined] by the originator. (Column 2, lines 
'65-67)." Transmitting a success or failure indication to the content provider is taught by 
the equivocal passage in Talati et al., "The identifier is compared to a listing of 
generated transaction identifiers at the client to confirm that the client authorized the 
transaction order with which the transaction identifier is associated. (Column 3, lines 
36-39)." Talati et al. show subsequently transmitting the content provider data to the 
user (or subscriber) upon a success by, "If the information in the transaction request 
checks out, the item(s) ordered may be delivered to the [subscriber] by the [content 
provider]. (Column 3, lines 54-56)." 

Knouse teaches dynamically generating for each new session an encrypted token using 
said identifier of said subscriber, wherein a lifetime of the encrypted token is a user 
session lifetime, the generating using one of symmetric and asymmetric encryption 
algorithm comprising: determining a separator (S); determining a time varying value (T); 
concatenating the subscriber identifier with T in a string such that the subscriber 
identifier and T are separated with S; encrypting the string with one of a symmetric and 
asymmetric encryption algorithm [Fig. 37, col. 35 lines 13-44, col. 53 lines 8-23]. 
Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Knouse with Talati, since one would have been 
motivated to provide secure access to business applications and content to users they 
deem authorized and prevent unauthorized use in internet-based e-business 
environment [Knouse, col. 1 lines 51-57]. 
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Weisman teaches reception of a Simple Object Access Protocol (SOAP) certification 
request [Fig. 10]; extracting said encrypted token from said SOAP certification request , 
wherein the encrypted token is in one of the SOAP body and a predefined SOAP 
header [Fig. 10, col. 11 lines 40-44, col. 12 lines 39-48]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Weisman with Talati and Rosen, since one would 
have been motivated to provide host-provided peer networking for hosted devices 
[Weisman, col. 1 lines 7-8]. 

As per claim 2 . the rejection of claim 1 is incorporated and Talati teaches: the step of 
verifying rights of said subscriber, wherein said steps of computing an encrypted token 
and transmitting said subscriber request and said encrypted token to said content 
provider are done only if said subscriber holds corresponding rights. [Column 3, lines 
45-48; where the 'queries' are the transaction requests (or the content requests). The 
user would have to be registered to have such 'queries' made, thereby granting 'rights' 
by way of association with the registration.] 

As per claim 3 . the rejection of claim 1 is incorporated and Talati teaches: the step of 
memorizing said encrypted token so that it can be reused without having to be 
recomputed. [Column 3, lines 45-48; the queries/tokens are memorized for use later.] 
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As per claim 4 . the rejection of claim 1 is incorporated and Talati teaches: the step of 
charging said subscriber if said determined subscriber identifier is certified. [Column 2, 
lines 55-59 and column 2 & 3, lines 66-67 & 1-2]. 

As per claim 5 . the rejection of claim 1 is incorporated and Talati teaches: the step of 
formatting said data belonging to said content provider in a format suitable and usable 
by the subscriber [column 3, lines 56-59], 

As per claim 8 . the rejection of claim 1 is incorporated and Talati teaches: The method 
of claim 1 implemented using web service technology. [Column 3, lines 56-59]. 

As per claim 9 . it is an apparatus claim corresponds to method claim 1 and is rejected 
for the same reason set forth in the rejection of claim 1 above [Rejected per claim 1.] 

As per claim 10 . it is a computer program product claim corresponds to method claim 1 
and is rejected for the same reason set forth in the rejection of claim 1 above [Rejected 
per claim 1.] 

Response to Amendment 

4. This written action is responding to the Request for Continued Examination 
(RCE) dated 10/22/07. In view of applicant's argument and amendment to claim 1, a 
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new reference by Knouse iet al is found and used in combination with various previously 
cited prior art. See new grounds of rejection above. 



Conclusion 

5. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Wood et al (US 6892307) - Single sing-on framework with trust-level mapping to 
authentication requirements 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nirav Patel whose telephone number is 571-272-5936. 
The examiner can normally be reached on 8 am - 4:30 pm (M-F). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
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you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



NBP 
12/30/07 




